I'm starting to write some tests for an app, using Mocha, Chai and supertest
I'm testing fuzzing some forms, to verify the correct response.
Right now, my entire test looks like this:
const app_config = require('../config/mainConfigs');
const request = require('supertest');
const nock = require('nock');
const expect = require('chai').expect;
const fuzzer = require('fuzzer');
process.env.TEST = true;
var app = require('../app/app');
var appRequest = request(app);
process.env.NODE_TLS_REJECT_UNAUTHORIZED = '0';
//Run request tests
describe('Request Tests', () => {
before((done) => {
//load app
app.start().then(() => {
done();
});
});
describe('basic page request', () => {
it('should respond with 200 respond code', () => {
appRequest.get('/login')
.expect(200)
.expect('Content-Type', 'text/html; charset=utf-8')
.end((err, res) => {
if (err) throw err;
});
});
});
describe('Fuzz Test', () => {
describe('fuzzing login page with 1000 username/password permutations', () => {
fuzzer.seed(0);
it('should respond with 403 / invalid csrf token', async () => {
for(var i=0; i <= 1000; i++){
appRequest.post('/login')
.send({
username: fuzzer.mutate.string('fuzzfromhere'),
password: fuzzer.mutate.string('fuzzfromhere')
})
.expect((code) => {
if (code != 403 && code != 429) throw code;
})
.end((err, res) => {
if (err) throw err;
});
}
});
});
describe('fuzzing tokenizer page with 1000 random values', () => {
it('should respond with invalid number', () => {
// touch env to skip login and rate limiter
process.env.TEST = 'skipLogin,skipRateLimiter';
//get csrf to validate queries
appRequest.get('/tokenize')
.expect((response) => {
//test
console.log(`expect resp: ${response}`);
})
.end((err, res) => {
if (err) throw err;
console.error(`expect error: ${err}`);
});
});
});
});
//Tests completed, end server
after((done) => {
app.end().then(() => {
delete process.env.TEST;
done();
}).catch((err) => {
throw err;
});
});
});
If you notice, there are 3 tests, first it loads the login page (just to ensure server is responding), second it fuzzes login page, and third, it fuzzes another form. But, for some reason, that third test can never run. I get the following error:
Uncaught Error: ECONNREFUSED: Connection refused at Test.assert (node_modules\supertest\lib\test.js:165:15) at assert (node_modules\supertest\lib\test.js:131:12) at C:\Users...\src\node_modules\supertest\lib\test.js:128:5 at Test.Request.callback (node_modules\supertest\node_modules\superagent\lib\node\index.js:718:3) at ClientRequest.req.once.err (node_modules\supertest\node_modules\superagent\lib\node\index.js:646:10) at TLSSocket.socketErrorListener (_http_client.js:387:9) at emitErrorNT (internal/streams/destroy.js:64:8) at _combinedTickCallback (internal/process/next_tick.js:138:11) at process._tickCallback (internal/process/next_tick.js:180:9)
I'm already using the "solution" presented here, with no change.
Any idea what may be causing this?
